I just passed (89%) the GPEN exam and I wanted to detail my experience so that others may benefit.

Just to give you some background, I have been working in security for about 12 years. I have experience in Vulnerability Assessments, Web Application Security testing and Penetration testing.

My journey to the GPEN certification started last year when I studied for the CEH and ECSA exams. A lot of the material is the same although the CEH/ECSA exams themselves require more memorization. I did not take the SANS 560 course or have a copy of the material.

Last month, I purchased a SANS practice test to help gauge my study progress. I wanted to see how I was doing before I paid out the $900 for the exam. I figured losing $100 was not that drastic. I passed the first exam with an 84% and had to use the full four hours. I was happy with my progress.

I then purchased the exam, scheduled it for two weeks out and started tightening up on my skills. I also worked on my indexing of material.

What I used.

I have taken a couple of other SANS courses such as Command Line Kung Fu and PCI which did contain relevant material and hands-on exercises. I wrote both STAR exams for those courses which gave me some experience with the SANS exam format. I also completed the CEH and ECSA exams last year as mentioned.

I read books such as Professional Penetration Testing, Live Hacking, Google hacking, the NMAP guide and many others.

I have a lab configured at home with VMware Workstation and Windows and Linux clients.

I also work with some of the tools which helped immensely.

The Exam

I brought a backpack full of material to the exam. I indexed everything. Actually going through the two practice exams (87% and 95%) helped me focus on the material I needed with me.

I found the exam to be similar to the practice tests but harder. The practice exams only scraped the surface for the different topics and the real exam dug into the finer details. Fortunately for me, I took the cue from the practice exam to actually do the digging.

Overall I enjoyed the experience as it allowed me to practice with tools that I don’t get to use all the time.

I hope this helps.

Cheers,
Norbert Griffin
CISSP, CISA, GPEN, CEH, ECSA, LPT, MCSE

Last edited by ngriffin on Tue Jun 01, 2010 5:58 am, edited 1 time in total.

I agree 100% with your assessment that the practice exams are a little bit easier than the actual exam. I thought the same thing when I did the GPEN. Did you take an ECSA/LPT course from any of the EC-Council master instructors? I felt that most of the material in GPEN was quite similar to that of ECSA/LPT.

No, I have been doing this all on my own. It’s hard to fit in courses with work and life. There is also so much material out there like books, videos and sites like this. I also really enjoy figuring things out myself. It takes a bit longer but it’s worth it for me.

I have not decided on my next certification. I’m considering the Offensive Security cert but I’m also looking at the SANS GWAPT because of some projects I’m currently working on. Any suggestions?